I downloaded a copy of the free BES Express. It contains the policy compiler. I made my own policy.inf with the settings I wanted. My paranoia was kicking in at the though of downloading and applying a policy file from the Net, even though I have no reason to doubt the policy.bin file in the thread is clean and legit. Like I said, paranoia.
The default policy file looks like the default policy that comes with the BES Express download is the .bin file included in Desktop Manager. It had a 5 character password minimum, and maximum password age was set to 5 days.