There are two ways in which a project can be removed from general visibility.
One option is to apply protective marking (for subscriptions that support this). The security marking applied will restrict visibility of the project only to users whose clearance includes that protective marking. Protective marking applies not only to projects, but also many other objects such as companies, products and skills. Users without appropriate clearance will not be able to view the object, or even see it in lists.
The other mechanism is to set the project Eyes-Only. When set, the project will only be visible to members of that project. By default, protective security markings, and eyes-only settings are inherited by created sub-projects.