It seems some government customers can request Intel's always-on Management Engine (ME) 'master controller' for its CPUs to be disabled.

That's not an option for the general public, but researchers at Russian security firm Positive Technologies have found a way to use these government-only privileges to disable ME.

ME is a core component of modern Intel chips that if compromised can provide an attacker with a powerful backdoor.

As the researchers note, ME can't be completely disabled because of its role in initializing hardware, power management, and launching the main processor.

Security researchers have long been worried by Intel ME because it's impossible for anyone but Intel to audit for any backdoors, which has led to numerous attempts to disable it, including the me_cleaner project.
Researchers say Intel's Management Engine feature can be switched off | ZDNet