The Foundation maintains a centralized directory of contributors who have a legal framework (CLA) to contribute to FINOS project, but Project Maintainers retain full control over your project, including who has commit rights to the code (with one caveat - see the note at right). In other words no one can commit directly to your project until / unless you approve them to do so. See how we manage project permissions and collaboration on Github.
Of course you should expect pull requests to come in from anywhere, and you are expected to triage those in a timely fashion.
Note: the Foundation manages a GitHub account (finos-admin) that also has implicit commit rights to your project, by virtue of being the administrator of all Program Github organizations. However Foundation staff do not use this account for repository-level activities except in extraordinary circumstances, and even then will attempt to contact the project team and/or the PMC before doing so.