Hi!
If you plan to implement NAC-framework only for your LAN users, you DON'T need ACS. NAC manager authenticates Windows AD users with kerberos tickets. All configurations are made on NAC manager.
There are two cases when you NEED Cisco ACS in NAC-enabled network:
1) If you plan to implement VPN single-sign-on. Here NAC manager authenticates remote-access users who connects to Cisco ASA/ISR via RADIUS requests, destined to ACS.
2) If you plan to implement single-sign-on for wireless users. Here NAC manager authenticates wireless users who connects to Cisco Wireless controller via RADIUS requests, destined to ACS.