Note: I've also posted a question for this issue on non-Windows systems.
In NIST SP 800-53 Rev. 3, IA-5 is the control addressing "Authenticator Management". The requirements in this control include such things as enforcement of password length, complexity, lifetime, history, and proper storage/transmission of passwords.
The first enhancement for this control, which is selected for all (Low/Moderate/High) systems, includes this requirement:
The information system, for password-based authentication:
...
(b) Enforces at least a [Assignment: organization-defined number of changed characters] when new passwords are created;
In Windows systems, I know how to enforce long and complex passwords which are changed regularly and do not exactly match a certain number of old passwords. But how do you implement a policy that requires a certain number of characters to be changed with every new password?