Enforce Password History, Max and Min Password Age...
# help-with-umbraco
t
Is it possible to configure settings for Enforce Password History, Maximum and Minimum Password Age in Umbraco?
j
Umbraco doesn't do this. It's also considered bad practice these days to enforce password expiry. Here's what the National Cyber Security Centre here in the UK has to say about why: https://www.ncsc.gov.uk/blog-post/problems-forcing-regular-password-expiry
t
They said it needs to be in the project. What steps should I take to implement this?
b
I think this is because of ISO 27001 requirements @Jason, so it's hard to discuss whether it's bad practice or not. What's the better way to do that: contribute to the project or try to create an extension? What do you suggest?
j
Yeah, ISO 27001 does not actually require it. A lot of implementor guidance, written based on old information, says that it is part of "best practice"... it's not (at least not any more). If you're being audited I recommend challenging your auditor to find you the exact wording of ISO 27001 that you're not following, especially in light of articles like the above from NCSC or NIST, which basically define best practice. I believe that ISO 27001:2022 includes something about reviewing passwords to make sure that they are still secure enough as password complexity requirements increase over time and breaches/leaks etc. should be taken into account. This is not the same as automatically expiring every n days. All of that having been said, if you really want to implement this in Umbraco, extending is the way to go - I'd be surprised if the security team would be happy adding this as a feature when it's considered bad infosec practice.
Although, that's all WRT password expiry... rather than password history specifically... which is a good idea, if implemented correctly.
m
Other options you could look at: single sign-on, 2FA. https://docs.umbraco.com/umbraco-cms/reference/security/external-login-providers