Need to tap some brain power here. Can I map an NT account group to an ACS group? If I have a group on our domain called tngrp, can I map it to an HSCguest group on ACS? These will be more detailed groups, so should these groups be checked prior to our NT login domain group?
Yes, yes, and yes. You can map Windows groups to ACS groups. The gotchas are:
You cannot use nested groups in AD (e.g. testgroup contains testgroup1 and testgroup2).
A user cannot map to multiple ACS groups. For this reason, as you mentioned, you want the most important groups first. For example, if you want admins to map to admins and users to map to users, you should define the admins mapping above the users mapping (assuming all admins are users).
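The ordering effect described in the answer above, as an added example that is not part of the original thread and is not ACS code: a simplified first-match model that shows which ACS group each user lands in and which later mappings are shadowed. The user names and the groups NetAdmins, Domain Users, admins, users and staff are constructed; treating the nested-group limitation as "only direct membership matches" is an assumption.

```python
# Simplified model of ordered, first-match group mapping (not ACS code).
# All user names and the groups NetAdmins, Domain Users, admins, users and
# staff are constructed sample data; tngrp, HSCguest and testgroup* come
# from the thread.

USERS = {  # user -> Windows groups the user is a DIRECT member of
    "alice": {"Domain Users", "NetAdmins"},
    "bob": {"Domain Users"},
    "carol": {"Domain Users", "tngrp"},
    "dave": {"testgroup1"},  # testgroup1 is nested inside testgroup
}

SPECIFIC_FIRST = [("NetAdmins", "admins"), ("tngrp", "HSCguest"),
                  ("testgroup", "staff"), ("Domain Users", "users")]
BROAD_FIRST = [("Domain Users", "users"), ("NetAdmins", "admins"),
               ("tngrp", "HSCguest"), ("testgroup", "staff")]


def audit(users, mappings):
    """Resolve each user against the ordered mappings.

    'assigned' is the ACS group of the first mapping that matches;
    'shadowed' lists later mappings that also matched but were never
    reached, since a user lands in exactly one ACS group.
    """
    report = {}
    for name, direct_groups in users.items():
        # Assumption: only direct membership counts, nesting is not expanded.
        hits = [acs for win, acs in mappings if win in direct_groups]
        report[name] = {"assigned": hits[0] if hits else None,
                        "shadowed": hits[1:]}
    return report


if __name__ == "__main__":
    for label, order in (("specific first", SPECIFIC_FIRST),
                         ("broad first", BROAD_FIRST)):
        print(label)
        for user, result in audit(USERS, order).items():
            print(f"  {user}: {result}")
```

A non-empty `shadowed` list containing a more privileged or more specific group than `assigned` means the mapping order needs to change.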