The objective of this thesis is to define a descriptive maturity model for IoT security in postal services to enable postal operators to assess their maturity level and to define the desired stage of IoT security. That requires the definition of categories, potential sub-categories and maturity levels as well as the identification of IoT artefacts according to the dimensions and their implementation levels. The model is evaluated with experts from practice in different maturity stages.