4.9.3. FIPS 140-2 Compliant Passwords

A FIPS compliant password must have the following characteristics:
  1. Must be at least seven (7) characters in length.
  2. Must include characters from at least three (3) of the following character classes:
    • ASCII digits,
    • lowercase ASCII,
    • uppercase ASCII,
    • non-alphanumeric ASCII, and
    • non-ASCII.
If the first character of the password is an uppercase ASCII letter, then it is not counted as an uppercase ASCII letter for restriction 2.
If the last character of the password is an ASCII digit, then it does not count as an ASCII digit for restriction 2.