If your subdomains are not being used to send out emails, set their DMARC policy to reject which will prevent them from being abused and impersonated.
However, if you are uncertain about the functionality of your subdomains, select “no“ until further analysis of your DMARC data.