No need to pay any more
It sounds like the NSA/CIA/FBI have compromised NSO and Candiru to a sufficient enough level that there is no longer any need to buy their products. Once you know all the exploits being used, you don't need the third party exploit broker.
However, I wonder how much the US actually spent with these two firms. I'm guessing relatively little, as the services offered are aimed at less technologically capable states.
On the purchasing side, I guess that rules out Cisco, HP, Dell, Apple etc as direct hardware and software suppliers, but there are plenty of non-US suppliers and non-direct resellers.
"Biden-Harris administration's commitment to put human rights at the center of US foreign policy" - ROFL - only after they sanction all dealings with China can they start to claim that human rights are at the centre, with this move being nothing more than woke posturing.