diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index c3899bfe7..b0bbb16cf 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -2902,6 +2902,7 @@ psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
  */
 psa_status_t psa_generate_random(uint8_t *output,
                                  size_t output_size);
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index dfbb6800f..01dbf3c3a 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -148,6 +148,10 @@ typedef struct
 
 static psa_global_data_t global_data;
 
+#define GUARD_MODULE_INITIALIZED        \
+    if( global_data.initialized == 0 )  \
+        return( PSA_ERROR_BAD_STATE );
+
 static psa_status_t mbedtls_to_psa_error( int ret )
 {
     /* If there's both a high-level code and low-level code, dispatch on
@@ -3360,8 +3364,10 @@ psa_status_t psa_key_derivation( psa_crypto_generator_t *generator,
 psa_status_t psa_generate_random( uint8_t *output,
                                   size_t output_size )
 {
-    int ret = mbedtls_ctr_drbg_random( &global_data.ctr_drbg,
-                                       output, output_size );
+    int ret;
+    GUARD_MODULE_INITIALIZED;
+
+    ret = mbedtls_ctr_drbg_random( &global_data.ctr_drbg, output, output_size );
     return( mbedtls_to_psa_error( ret ) );
 }
 
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 01be797ab..202bd420f 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -1178,3 +1178,6 @@ generate_key:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_KEY_USAGE
 PSA generate key: ECC, SECP256R1, incorrect bit size
 depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C
 generate_key:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:PSA_ERROR_INVALID_ARGUMENT
+
+PSA validate module initialization: random
+validate_module_init_generate_random:
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index e14b2256d..e4a776ac0 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -3451,3 +3451,13 @@ exit:
     mbedtls_psa_crypto_free( );
 }
 /* END_CASE */
+
+/* BEGIN_CASE */
+void validate_module_init_generate_random( )
+{
+    psa_status_t status;
+    uint8_t random[10] = { 0 };
+    status = psa_generate_random( random, sizeof( random ) );
+    TEST_ASSERT( status == PSA_ERROR_BAD_STATE );
+}
+/* END_CASE */