NSG stands for Network Security Group that has a list of ACL (Access Control List) rules which either allows/denies network traffic to subnets or NICs (Network Interface Card) connected to a subnet or both. When NSG is linked with a subnet, then the ACL rules are applied to all the Virtual Machines in that subnet.
Restrictions of traffic to individual NIC can be done by associating NSG directly to that NIC.