Besides security groups that control traffic on interface level. Network Access Control List (ACL) is an optional layer of security and can be configured at a subnet level. It uses a set of rule that are evaluated from top to down based on numbering assigned to the rule. And it can allow or block a CIDR block on a range of ports or a specific port.
It is recommended to reinforce your security layer with network ACL rules, this will prevent from accidentally making a new attached security group that is too permissive.
For Additional References, see Control traffic to subnets with Network ACLs.