We are trying to enable security policy using the OOB System>Tools>Security Policy landing page.
Since the password policy changes are sensitive in production, I would like to know if there are extension points available with this module so that we shall safely pilot this with few users first before we plan to expand the usage to a broad range of users.
There is no extension point, but it is possible to direct the few test users to an authentication service that enforces the policy settings, while all other users access a different authentication service that does not enforce the policy.
There is no extension point to Security Policies. However, as Marty suggested you can have different authentication services to enable/disable security policies. But this feature is only available from Pega 8.2 version and not available in 7.3.1 (You post tag indicates 7.3.1)