An ACL is a basic level of stateless packet filtering, as explained
here. If that meets your (low) security requirements, then that's fine.
A firewall generally includes stateful packet inspection, a topic discussed in
this PDF. This will provide a higher level of security than an ACL.
That said, you need to look at the specific implementations, as what one vendor calls an ACL another may call a firewall.