Oftentimes when we discuss visibility in ACI we're talking about the ability to troubleshoot when there are problems or we're talking about healthscores in general. However, something most system engineers care about is just being able to see which access control lists are applied to a set of servers or what kind of Quality of Service is being applied. Obviously, this can assist in troubleshooting, but sometimes we just need visibility into the network.
In ACI we can see contracts very easily, in both a text and graphical format. Contracts are very similar to ACLs, but easier to manage and can be easily made bidirectional. You can see which layer 4-7 devices are in between end points, and really anything you want from the APIC GUI. However, if you're partial to the CLI, you can do it there as well. Maybe you prefer running scripts and using the APIs to collect information? You can do that, too!