Industry Benchmark
IAM Maturity Benchmark for Public Sector
Public sector organizations start at the research floor, constrained by budget cycles, legacy systems, and procurement timelines that outlast most modernization plans.
- Industry base
- 1.2 on the 0 to 4 scale
- Confidence
- Derived estimate
- At 10,000 identities, North America
- 1.15
- Scope
- Workforce (CIAM uses it as a proxy)
The Starting Point
Why Public Sector Starts at 1.2
Government agencies operate some of the oldest application estates in the assessment pool, and identity modernization competes with every other unfunded mandate. Directives exist (in the US, federal zero trust mandates set explicit identity milestones), yet execution varies widely between agencies and even more at state and municipal levels.
The pattern the research shows: strong policy frameworks on paper, uneven enforcement in practice. Agencies that consolidate identity under a single accountable owner routinely outperform this benchmark despite the same constraints.
Source: Published industry research (2024-25). Confidence grading and citations are documented in the methodology.
Adjustments
What Shifts the Number
The base of 1.2 is adjusted for organization size and for region. Both tables below are computed with the same engine function the assessment runs, so they match what your results page would show. The exact parameterization is part of the licensed methodology.
Organization size (North America)
Expectations rise on a log curve: each step up in estate size moves the benchmark less than the last.
| Managed identities | Benchmark |
|---|---|
| 500 | 0.60 |
| 2,500 | 0.89 |
| 10,000 | 1.15 |
| 50,000 | 1.44 |
| 250,000 | 1.57 |
| 1,000,000 | 1.57 |
Region (at 10,000 identities)
Regional factors reflect documented differences in identity program adoption across markets.
| Region | Benchmark |
|---|---|
| North America | 1.15 |
| Western Europe | 1.20 |
| Eastern Europe | 1.09 |
| APAC Developed (Japan, Australia, Singapore) | 1.15 |
| APAC Emerging (India, SEA) | 1.03 |
| Middle East | 1.20 |
| Latin America | 0.97 |
| Africa | 0.97 |
By Domain
Expected Maturity by Domain
The overall benchmark is not flat across domains. Privileged access carries the highest expectation; newer capability areas carry lower ones. Values below apply the per-domain adjustments to the Public Sector benchmark at 10,000 identities in North America, capped at the 4.0 scale maximum.
| Domain | Adjustment | Expected maturity |
|---|---|---|
| IGA | 1.00 | 1.15 |
| PAM | 1.10 | 1.26 |
| Auth/SSO | 1.05 | 1.21 |
| Cloud | 0.80 | 0.92 |
| Security | 0.85 | 0.98 |
| Governance | 1.00 | 1.15 |
Workforce-scope domains shown. CIAM-scope assessments follow the CIAM benchmark treatment described below.
Read This Before Comparing
What This Benchmark Is, and Is Not
Customer identity (CIAM) scope
No CIAM-specific research base exists for Public Sector yet. CIAM-scope assessments reuse the workforce base as a stated proxy, and the platform widens the uncertainty band to reflect that substitution.
A research prior, refined over time
This number is a research-derived estimate (derived estimate), not a survey of Public Sector organizations run by AXIS. It sits at tier 4 of the 4-tier benchmark system: the fallback that is always available. As the pool of consented assessments grows, peer data blends into the estimate and gradually outweighs the prior, with the blend disclosed on every results page. Current pool coverage is published on the benchmark status page.
Interactive
Tune the Public Sector Benchmark to Your Organization
Adjust size, region, and scope. The result comes from the same engine function the assessment uses.
Between 100 and 5,000,000.
Benchmark 1.15 of 4 for Public Sector in North America.
Research benchmark
1.15
on the 0 to 4 maturity scale, for Public Sector in North America
- Industry base: 1.2 for Public Sector (derived estimate).
- Size: At 10,000 identities, the expectation matches a 10,000-identity peer at the same settings.
- Region: North America matches the North America baseline at these inputs.
- Scope: Workforce scope applies the industry base directly.
This is the research-derived prior (tier 4 of the benchmark system). Assessments blend in consented peer data where enough of it exists.
Other Industry Benchmarks
Financial Services
1.6Financial services carries the highest starting expectation of any industry in the AXIS model, the product of decades of audit pressure on access controls.
Energy & Utilities
1.4Energy and utilities benchmark above the general floor, pulled up by NERC CIP obligations and years of nation-state attention on critical infrastructure.
Technology/SaaS
1.4Technology and SaaS companies benchmark above the floor: cloud-native tooling gets adopted early, but integration sprawl and machine identities erode the advantage.
Healthcare
1.3Healthcare sits above the cross-industry floor but below financial services: HIPAA forces access discipline, while clinical workflows push back on it daily.
Manufacturing
1.2Manufacturing starts at the research floor: plant-level autonomy, OT environments, and serial acquisitions leave identity fragmented across sites.
Retail
1.2Retail starts at the research floor: thin margins, seasonal workforce churn, and a compliance regime that concentrates on cardholder data rather than identity breadth.
See Where You Stand Against This Benchmark
The assessment scores your program across every domain above, then plots it against the Public Sector expectation at your size and region. About 20 minutes, no signup required to start.