Why to use a standalone RNG?

Why to use a standalone RNG ?

  1. to obtain FIPS140-3

  2. as part of CMVP (Cryptographic Module Verification Program)

One must certify its RNG – Random Number Generator following Entropy Validation defined by the NIST – National Institute of Standards and Technology department ESVTS – Entropy Source Validation Test Server

SP800/90 A –> RNG90-SSVDA-T is the solution

Read more on the NIST website Cryptographic Module Validation Program | CSRC


  • Very complex

The deterministic data needs to be extracted from the RNG engine and provided to a 3rd party lab for certification as contracted by the customer
Potential certification failure

  • Lengthy

Need tri-party NDA with customer, lab, silicon provider (distributor) to provide the RNG data
Process take about 9 months or more to just get the RNG certified.
Only then the customers can move forward with the next steps of their certification journey

Why can’t I get the RNG from a standard controller ?

  • Customer and test lab testimony

“because I would need to work directly with the controller (MCU, MPU, FPGA) business unit team of the silicon provider

  • for 18-24 month
  • for an opportunity less than 100ku
  • so I expect no support and I must fold back to a discrete approach
  • … that’s just for the RNG90”

RNG90 Features

  • I²C Interface Only
  • Packages: 8-PIN SOIC and 8-PAD UDFN
  • Single Zone of Memory (Configuration) No real need for Data
  • Random Number Generator SP800-90A/B/C Compliant
  • RNG and DRBG Health Tests
  • Voltage Range: 1.65 to 5.5V’s
  • Versions:
    Extended Industrial -40°C to +105°C
    Automotive -40°C to +125°C
    Both versions are called RNG90 but have different ordering codes

Support collateral

No NDA datasheet, all public content
Multiple socket kits
Parts are available from stock: