NACLs is the security layer at a subnet level, it acts as a firewall and controls outbound and inbound traffic for subnets.
You can similarly set up network ACLs rules as security groups for an additional layer of security to the VPC. After creating the VPC, it has a default network ACL rules that allow all inbound and outbound traffic.
Each subnet in the VPC must be associated to a NACL. If you did not explicitly specify a NACL, it gets associated with the default NACL.
To associate the subnet with network ACL, create a new rule (custom NACL) by adding inbound and outbound rules for allowing/denying traffic.