Soon after new laws in Oregon and California went into force requiring “reasonable” security for connected devices, the National Institute of Standards and Technology (NIST) issued a new standard and recommended core activities to build security for the Internet of Things (IoT). This article, the second of a two-part series, details how NIST’s effort has prompted other industries to implement standards and certifications that, cumulatively, are filling in a definition of reasonable security steps. The first article shared insights from the manager of NIST’s Cybersecurity for IoT program about its new guidance and from lawyers about the standard’s alignment with the state laws and potential impact on manufacturers and customers. See “How to Protect Against Weaponized Devices in Light of the Massive Denial-of-Service Attack” (Nov. 2, 2016).