All Sites and Site Collections allow the creation of subsites in their respective site collections. Site Collection Admins (SCA) and Subsite Site Owners should be aware of the dangers of security inheritance. APAN recommends breaking inheritance between a subsite and a parent site collection. Please consult this article for more information.
By default, all sites, lists, and libraries in a site collection inherit permissions settings from whatever is directly above them in the site hierarchy. This means a site inherits permissions from the root site of the site collection, and a sub-site inherits permissions from its parent site. A list inherits permissions from the site that contains the list. A list item inherits permissions from the list to which it belongs.
If the default configuration is not changed, permissions are inherited through the whole site collection. In a way, each element (site, sub-site, list, library, etc.) inherits permissions from the root site of the site collection.
If you break permissions inheritance for a list or library and then define new permission settings, the list (or library) becomes a parent for items in it. The items inherit the new permission settings (unless the items have uniquely defined permissions.
APAN BEST PRACTICE: When applicable, unique list/library or file and folder security can be set; however, APAN recommends to create a new site with unique permissions. This is easier on community owners to monitor not only content but also permissions.
Restricting access to lists or libraries alone can make things complicated for multiple Owners who may not realize these changes have occurred, as access also has be given not only at the site level but also the individual list or library level.
APAN BEST PRACTICE: Create a sub-site with separate permissions. This way, you can grant access to the entire subsite versus a single library or list for ease of use.
Additional items for your consideration:
When you break permissions inheritance between a site, folder, list, library, list item or document and its parent you can restore inheritance at any time. However, it is not an APAN best practice to restore inheritance to primary site collections as you may not be aware of the permissions associated to the site collection or parent site.