When you see the error in system log, it means report RSUSR003 ran at that time and security violation was detected.
First step is to ensure note 1451760 is applied in the system.
If the error persists though you have implemented note 1451760, it means there is real security risk.
Run report RSUSR003 and check "Password Status" column, if there is any record shown in red background, change the password for the user to something which is not well known and not guessed easily..
After all records with background color are elimated, "Security Check Passed" will appear in system log while running RSUSR003 and it means no security risk for the standard users.
In some systems, you may find that RSUSR003 runs automatically though it is not intended.
This is because during EWA data collection, the collection program will call RSUSR003 to collect passwod status for standard users.
Relevant notes/kbas:
1451760 SUIM|RSUSR003 - inappropriate security violation message
863362 Security checks in SAP EarlyWatch Alert, EarlyWatch and GoingLive sessions
1610103 EarlyWatch Alert Report : section Default Password of Standard Users
