diff --git a/test/Core.Test/AdminConsole/Utilities/PolicyDataValidatorTests.cs b/test/Core.Test/AdminConsole/Utilities/PolicyDataValidatorTests.cs
index 2c94634f7f..dcc4ceb246 100644
--- a/test/Core.Test/AdminConsole/Utilities/PolicyDataValidatorTests.cs
+++ b/test/Core.Test/AdminConsole/Utilities/PolicyDataValidatorTests.cs
@@ -83,4 +83,100 @@ public class PolicyDataValidatorTests
 
         Assert.Contains("Invalid data for MasterPassword policy", exception.Message);
     }
+
+    [Fact]
+    public void ValidateAndSerialize_MinLengthAtMinimum_Succeeds()
+    {
+        var data = new Dictionary<string, object> { { "minLength", 12 } };
+
+        var result = PolicyDataValidator.ValidateAndSerialize(data, PolicyType.MasterPassword);
+
+        Assert.NotNull(result);
+        Assert.Contains("\"minLength\":12", result);
+    }
+
+    [Fact]
+    public void ValidateAndSerialize_MinLengthAtMaximum_Succeeds()
+    {
+        var data = new Dictionary<string, object> { { "minLength", 128 } };
+
+        var result = PolicyDataValidator.ValidateAndSerialize(data, PolicyType.MasterPassword);
+
+        Assert.NotNull(result);
+        Assert.Contains("\"minLength\":128", result);
+    }
+
+    [Fact]
+    public void ValidateAndSerialize_MinLengthBelowMinimum_ThrowsBadRequestException()
+    {
+        var data = new Dictionary<string, object> { { "minLength", 11 } };
+
+        var exception = Assert.Throws<BadRequestException>(() =>
+            PolicyDataValidator.ValidateAndSerialize(data, PolicyType.MasterPassword));
+
+        Assert.Contains("Invalid data for MasterPassword policy", exception.Message);
+    }
+
+    [Fact]
+    public void ValidateAndSerialize_MinComplexityAtMinimum_Succeeds()
+    {
+        var data = new Dictionary<string, object> { { "minComplexity", 0 } };
+
+        var result = PolicyDataValidator.ValidateAndSerialize(data, PolicyType.MasterPassword);
+
+        Assert.NotNull(result);
+        Assert.Contains("\"minComplexity\":0", result);
+    }
+
+    [Fact]
+    public void ValidateAndSerialize_MinComplexityAtMaximum_Succeeds()
+    {
+        var data = new Dictionary<string, object> { { "minComplexity", 4 } };
+
+        var result = PolicyDataValidator.ValidateAndSerialize(data, PolicyType.MasterPassword);
+
+        Assert.NotNull(result);
+        Assert.Contains("\"minComplexity\":4", result);
+    }
+
+    [Fact]
+    public void ValidateAndSerialize_MinComplexityBelowMinimum_ThrowsBadRequestException()
+    {
+        var data = new Dictionary<string, object> { { "minComplexity", -1 } };
+
+        var exception = Assert.Throws<BadRequestException>(() =>
+            PolicyDataValidator.ValidateAndSerialize(data, PolicyType.MasterPassword));
+
+        Assert.Contains("Invalid data for MasterPassword policy", exception.Message);
+    }
+
+    [Fact]
+    public void ValidateAndSerialize_NullMinLength_Succeeds()
+    {
+        var data = new Dictionary<string, object>
+        {
+            { "minComplexity", 2 }
+            // minLength is omitted, should be null
+        };
+
+        var result = PolicyDataValidator.ValidateAndSerialize(data, PolicyType.MasterPassword);
+
+        Assert.NotNull(result);
+        Assert.Contains("\"minComplexity\":2", result);
+    }
+
+    [Fact]
+    public void ValidateAndSerialize_MultipleInvalidFields_ThrowsBadRequestException()
+    {
+        var data = new Dictionary<string, object>
+        {
+            { "minLength", 200 },
+            { "minComplexity", 10 }
+        };
+
+        var exception = Assert.Throws<BadRequestException>(() =>
+            PolicyDataValidator.ValidateAndSerialize(data, PolicyType.MasterPassword));
+
+        Assert.Contains("Invalid data for MasterPassword policy", exception.Message);
+    }
 }