Bug 29629 - Does the server need to meet NIST SP 800-53?
Summary: Does the server need to meet NIST SP 800-53?
Status: RESOLVED INVALID
Alias: None
Product: sourceware
Classification: Unclassified
Component: Infrastructure
Version: unspecified
Importance: P2 normal
Target Milestone: ---
Assignee: overseers mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-09-28 12:48 UTC by Carlos O'Donell
Modified: 2022-10-21 13:25 UTC

See Also:
Host:
Target:
Build:
Last reconfirmed:


Description Carlos O'Donell 2022-09-28 12:48:11 UTC
This was raised at GNU Tools Cauldron 2022 in the discussions around increasing secure supply chain requirements.

Do the upstream servers providing sources for projects need to meet requirements like NIST SP 800-53?

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf

Even if we don't need to meet the requirements, does meeting them help expand the usage of FOSS for organizations that adopt the standards?

Note that GitHub does meet a variety of NIST standards as part of their service offerings:
https://government.github.com/fedramp-faq

GitLab also provides projects with the ability to comply with various NIST standards:
https://about.gitlab.com/blog/2022/03/29/comply-with-nist-secure-supply-chain-framework-with-gitlab/
Comment 1 Frank Ch. Eigler 2022-09-28 13:14:09 UTC
Answering the "does this apply?" question is a regulatory or legal matter if anything.  Do you know?  If not, what is the infrastructure action you propose?

Answering the "would it expand FOSS usage" question is not something we can know, nor an infrastructure matter.
Comment 2 Mark Wielaard 2022-10-06 17:59:54 UTC
Also note Alexandre's analysis:
https://sourceware.org/pipermail/overseers/2022q3/018881.html

And the actual source releases of the GNU Toolchain projects are primarily done through the FSF gnu.org servers (with sourceware providing backups/mirrors of those).

It would be best to move these kinds of questions about NIST recommendations to the FSF or SFC.