I worked with the U.S. Navy for over 25 years and had multiple security training certificates. Heck, I used to teach the Windows security courses for a little while. I was a security administrator as well as a system administrator, so I knew and programmed all of the rules.
The rules for passwords that the Navy preferred were:
1. At least 12 characters for "ordinary" passwords and 14 characters for administrator accounts.
2. Every password must have NOT LESS THAN two characters each of
2.a Upper case characters
2.b Lower case characters
2.c Digits (numeric characters)
2.d Specials (punctuation characters) - this always gave trouble because some characters were not usable.
3. Never more than two of the same character in a sequence.
4. Avoid names or obvious things about your personality, likes, or history.
5. Change passwords every 90 days (ordinary accounts) or 30 days (admin accounts).
6. Never repeat passwords within a 5-year "sliding" window. I.e. do not re-use a password you used less than 5 years ago.
The guideline was often to mix up short phrases and sneak in numbers or punctuation as letter substitutes. So you might come up with the phrase: Easy Come, Easy Go - then turn it into: E@$yC0me,E@sYG0
Your password would meet length criteria but would fail on the "distribution of character types" rule (no upper case, no punctuation). It would also fail on the "more than two repetitions of the same character" rule (666). So it would be counted as a weak password.
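Rules 1 to 3 (length, character classes, repetition) and the five-year reuse window of rule 6 from the post above, written as a checker; this is an added example, not part of the original post or any Navy tooling. Assumptions: ASCII character classes with every ASCII punctuation mark accepted as a special, a history stored as salted PBKDF2 digests, and the names `composition_failures`, `hash_password` and `reused`, which are hypothetical.

```python
import hashlib
import hmac
import re
import string
from datetime import datetime, timedelta

MIN_LEN = {"ordinary": 12, "admin": 14}      # rule 1
REUSE_WINDOW = timedelta(days=5 * 365)       # rule 6, approximated as 5 x 365 days
# Assumption: ASCII classes; every ASCII punctuation mark counts as a "special".
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "special": string.punctuation,
}
TRIPLE = re.compile(r"(.)\1\1")              # rule 3: three identical characters in a row


def composition_failures(password, account="ordinary"):
    """Return the names of the rules (1-3) the candidate breaks; empty means pass."""
    failures = []
    if len(password) < MIN_LEN[account]:
        failures.append("length")
    for name, alphabet in CLASSES.items():   # rule 2: at least two of each class
        if sum(ch in alphabet for ch in password) < 2:
            failures.append(name)
    if TRIPLE.search(password):
        failures.append("repeat")
    return failures


def hash_password(password, salt):
    # Assumption: history keeps salted PBKDF2 digests, never the passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def reused(password, history, now):
    """history: iterable of (salt, digest, set_at) tuples for one account."""
    return any(
        now - set_at < REUSE_WINDOW
        and hmac.compare_digest(hash_password(password, salt), digest)
        for salt, digest, set_at in history
    )


if __name__ == "__main__":
    now = datetime(2024, 1, 1)               # constructed date
    old = "E@$yC0me,E@sYG0"                  # phrase from the post
    salt = b"constructed-salt"               # constructed sample value
    history = [(salt, hash_password(old, salt), now - timedelta(days=400))]
    print(composition_failures(old, "admin"), reused(old, history, now))
    print(composition_failures("mydogrex666abc"))  # constructed weak sample
```

Rule 4 (names and personal details) and rule 5 (rotation interval) are not checked here.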