http://csrc.nist.gov/publications/drafts/800-118/draft-sp800-118.pdf

A) At least 8 char not more than 20
   1) A lower case
   2) A upper case
   3) A numeric
   4) A special
Must pass rule (A) and any 2 of the numbered rules

Pass Fail  
H = Strength in bits  
N = number of posible symbols  
L = number of symbols used  

Brute force strength in bits = Log2NL
where N is the number of possible symbols and L is the number of symbols in the password

The weakest password we allow is "aaaaaaa0" which scores a 10
The strongest we allow is "!1Quickbrownfxjmpedv" which scores a 131