Is it possible to ensure in ISPConfig that users can not set weak passwords in their control panels?

Ideally, they should use a minimum 9 characters of which they have at least one each of lower case letter, upper case letter, number from 0-9 and non alphanumeric character.

This is not implemented, but you can add this to the username plugin.

Add what there, till? Is there something I have missed?

The username plugin is the script that displays the username input field and password field and verifies it. This is the place where you can add any additional code to verify the password strength. The plugin is written in PHP.

Update:
The username plugin file is: /home/admispconfig/ispconfig/lib/plugins/isp_username.plugin.php