How to enforce account lockout policies (copy)

I can't help, but you should not assume that Linux is the same as Unix, and you should not assume that even though there are Unix underpinnings in macOS that they are implemented in any way similar to Unix or Linux.

This is quite old, so not sure if it is still an option: How to set up password policies in OS X - CNET

While there may be a way to configure it in the client, the only thing I found was using Profile Manager in the Server app to configure profiles. You can see what options are available for passwords in this screencast: macOS Sierra Server Part 26: Profile Manager Users & Groups - YouTube Password stuff starts around 4:00.

Your question is about OS X software, not Desktop Computers. That would make this the wrong community. The command, pam_tally2, does not exist on my system. To use it would mean finding the source and compiling it on the Mac or finding it via MacPorts, perhaps.

Did not find it there, either. Below is the result of a cat authorization.

# authorization: auth account

auth optional pam_krb5.so use_first_pass use_kcminit

auth optional pam_ntlm.so use_first_pass

auth required pam_opendirectory.so use_first_pass nullok

account required pam_opendirectory.so