Setting up a password policy on a stand-alone Windows device to deliver a technical control.
As a device administrator, run GPEDIT
Select (left-hand side), "Computer Configuration", "Windows Settings", "Security Settings"
Select "Account Policies" to edit the Password Policy or Account Lockout Policy
If you then click on "Password Policy" you can configure the local device password policy and set this compliant with Cyber Essentials.
Do not enforce a maximum password age (not recommended by the NCSC), but setup a minimum password length and enabled complexity.
You now have a technical control in place to deliver password compliance for Cyber Essentials on a stand-alone device.