Why doesn't Citadel have the ability to enforce password strength?

Because your idea of a “strong” password is completely wrong.

Please refer to http://xkcd.com/936/ to understand why.

Or more modern and thorough by Eric Carell:

https://www.cloudwards.net/how-to-set-up-a-strong-password/