A new amendment to the New York Department of Financial Services’ formidable cybersecurity regulation requires licensees to make an array of technical and governance changes to their cyber programs. The amendment’s novelty is substantial enough that even mature companies face challenges on what to prioritize. This article, the second in a two-part series about the amendment, offers insights on its highest-impact technical mandates and presents initial compliance steps companies can take. Part one discussed NYDFS’ new governance requirements. See “How the NYDFS Drives Cybersecurity in the Financial Services Industry” (Jun. 23, 2021).